Services: Information Risk & Vulnerability Management
No information security strategy is complete without providing the ability for an organization to perform vulnerability assessments and manage risk. Digital Securus has extensive experience in these critical areas, and provides services in the following areas:
- Asset/Data Identification and Classification
- Internal and External Vulnerability Testing
- Wireless, PBX and Voice Over IP (VOIP) Assessments
- Physical Information Security Assessments
- Operational Security (OPSEC) Assessments
- Risk Management Tools and Processes
- Foreign Business Markets
1. Asset/Data Identification and Classification
One of the most important components of modern business is the data created by critical business activities.
Digital Securus specializes in assisting businesses with the identification and classification of data within their environments.
- Does your CEO know which data he needs to treat as sensitive?
- How do you ensure that sensitive data is not accidentally posted on your website?
- Do you know which systems and network components are critical to your business's survival in the event of a catastrophe?
These questions, although seemingly easy to answer at first, tend to be some of the most difficult issues businesses deal with surrounding the appropriate classification and handling of assets and data. The consequences from errors can result in financial loss, public embarrassment, and even criminal charges in certain situations.
2. Internal and External Vulnerability Testing
You've got your policies, procedures, standards and guidelines all in order. Your firewalls are set up, your backups are tested, your employees adequately trained, and your antivirus software now updates itself.
But are you really secure? How do you know you haven't missed something?
Digital Securus analysts have extensive experience in assessing a variety of network and system infrastructures to identify potential vulnerabilities, including but not limited to:
- Wired networks (internally and externally
- Wireless networks (802.11a/b/g)
- NT4 and Active Directory Domains
- Web-based applications
- Linux, Solaris, HP/UX, AIX UNIX systems
- Voice Over IP PBXs
Digital Securus actively works with you during the assessment to ensure uninterrupted service and provide real-time feedback as the testing progresses so that you're kept in the loop at all times.
All client relationships and assessment findings are kept strictly confidential.
3. Wireless, PBX and Voice Over IP (VOIP) Assessments
Wifi technology is one of the fasted growing segments in the Information Technology industry today. As easy as it is to install wifi technology is also one of the most difficult to properly secure.
If you're considering installing a wifi network for your business needs, or already have one and want to understand the security issues that surround wifi, Digital Securus can provide you with the latest in security awareness and wifi network design to ensure your data stays just that: yours.
The truth is, many wifi implementations today are insecure, and most companies have little or no understanding of the security issues wifi presents nor the extent to which wifi networks are being targeting by thieves, corporate saboteurs, and industrial spies.
Ever checked your phone PBX system? Has someone been using your PBX to make free long distant calls? Can someone listen to you voicemails? Your phone calls? Digital Securus can perform an assessment to determine what risks you have when it comes to your phone system.
Voice Over IP (VOIP) is a newer and very effective technology that can result in substantial savings for a company. However, improperly implemented, VOIP can expose your company to additional risks including eavesdropping, intrusion, and jeopardize life-safety. Digital Securus can help design robust, secure VOIP networks that reduce or eliminate many of these risks.
4. Physical Information Security Assessments
Your business may not need redundant power supplies, cabling, core switches, and routers in a multi-million dollar data center, but is your file server safe from prying fingers?
There's an old tenet of information security:
If physical access can be gained, complete ownership is attained.
Physical Information Security is often undervalued by a business, yet highly targeted by information thieves.
Digital Securus has the experience to walk through your facilities, interview key personnel to understand your business, and provide a plain-English assessment of the physical security infrastructure along with recommendations to align it appropriately with the importance of the data that supports your business.
5. Operational Security (OPSEC) Assessments
A lot can be learned by just watching a target. Bad guys do it all the time prior to committing a crime. Houses are “cased,” executives are followed, banks are watched and armored truck schedules mapped out. Bad guys note shift changes, radio traffic and garbage left in the dumpster. Conference rooms get bugged, and network sniffing devices get placed in wiring closets.
This all sounds very “James Bondish,” but in truth this happens quite frequently.
Is your business a target? How do you know?
Given the unique experiences of the Digital Securus members, we are uniquely qualified to assess your business operations and not only determine if you may be a target, but also provide recommendations for improving your OPSEC stance.
Contact us today to determine if your business has operational security needs.
6. Risk Management Tools and Processes
A new system is being developed and implemented to give you better reporting access on your financials. A web server has just been placed on your extranet to provide clients with information. A new exploit (hack) has just been posted on the internet and a worm/virus is expected within hours.
What do you do to keep your data secure while maintaining normal business operations? Can your business afford the risk each of these scenarios pose?
Digital Securus has proven experience in assisting with the design and implementation of risk management policies and procedures, and most importantly, tools to allow you to accurately determine the level of risk something poses in your environment and the level of response required to ensure your business operations continue unabated.
Does your company conduct business in foreign countries? Digital Securus can provide your company with guidance and information to help you assess risks unique to conducting business in foreign markets.
Contact Digital Securus to request help in managing these and other risks.